Pharming, SPIM Plaguing Internet

Pharming differs from traditional phishing in that a user attempting to directly access their online bank account may think they are on their bank's Web site, but in reality have been secretly redirected to the scammer's look-alike Web site.

By Jennifer LeClaire
04/06/05 1:24 PM PT

As if phishing isn't bad enough, network security firms report pharmers are now emerging in larger numbers on the Internet to steal your identity. To top it off, new research has found that the volume of IM-borne security threats has also increased dramatically since the beginning of the year.

The pharming scam uses DNS cache poisoning to cheat innocent Internet users: it injects false information into DNS servers, which allows hackers to redirect users to bogus Web sites. Analysts said pharming is far more sophisticated than phishing and gets the same results by redirecting a legitimate Web site address to a scammer's site.

"In recent weeks there have been a number of DNS poisoning attacks that have all the earmarks of a proof-of-concept that has the potential to be the next wave of phishing scams," said Peter Rendall, CEO and President of Top Layer Networks. "Internet service providers have an obligation to protect their DNS infrastructures from these sophisticated attacks or face the reality of possible liability as users' confidential information and financial accounts are compromised."

Phishing Versus Pharming

In the past, phishing attacks usually consisted of official-looking e-mails from financial services institutions that link to what looks like an official site but is actually an unrelated Web site.

Users have unwittingly suffered identity theft by serving up their personal user and password information, which was then used to gain access to their personal banking and credit card accounts.

Pharming differs from traditional phishing in that a user attempting to directly access their online bank account may think they are on their bank's Web site, but in reality have been secretly redirected to the scammer's look-alike Web site.

Targeting Smaller ISPs

Analysts said pharming is especially insidious since the user is never required to open an e-mail attachment or click on a link. The user is simply returning to a Web site they may have visited many times previously.

But Dave Jevans, Chairman of the Anti-Phishing Working Group, told TechNewsWorld that he does not yet consider pharming a serious threat because the attacks are coming against very small ISPs that are running DNS servers on Windows.

"Pharming is a threat, but pharmers are not poisoning class C or B networks that run DNS servers on Unix," Jevans said. "Still, these Internet attacks are getting a lot more sophisticated. It's not just sending e-mails from Bulgaria anymore."

Beware of SPIM

Meanwhile, new IM threats, including viruses, worms, and spam over IM (SPIM)/malware are on the rise, according to the IMlogic Threat Center. The Center reports a 271 percent increase in reported incidents of these IM-borne security threats.

More than 50 percent of the incidents externally reported to the IMlogic Threat Center in Q1 2005 were attributed to enterprises and small businesses utilizing popular IM applications such as AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo! Messenger.

The Next Big Threat

Jevans said the goal of many of the bugs, worms and viruses today is to install crimeware on a user's computer. That, he predicted, is the next big threat.

"Crimeware is getting really sophisticated," Jevans said. "We are seeing some software out there now that will try to disable your anti-spyware and your anti-virus so you can't get rid of it. It will keylog against lots of different sites, so it will be tracking everything you do when you visit many different sites."